This section contains detailed articles elaborating on some of the common issues phpBB users encounter while using the product. Articles submitted by members of the community are checked for accuracy by the relevant phpBB Team. If you do not find the answer to your question here, we recommend looking through the Support Section as well as using the Site Wide Search.

What Is Spam?

[url=https://www.phpbb.com/support/docs/en/3.2/kb/article/what-is-spam/]Knowledge Base - What Is Spam?[/url]

Spam is a common problem for forums; the below discusses what exactly spam is for the purposes of discussion and clarification. See our spam prevention topic for information on how to stop spam.

Spam FAQ

What is a spam bot?
Simply put, a spam bot (with relation to phpBB) is a script that is able to register an account and/or post spam on your board.

Is spam a security threat?
No. While spammers may seem like they are breaking through your defenses, they actually don't do anything that a regular users couldn't do (register, post, etc). Spam is therefore not a vulnerability and should not be considered as such.

How do they work?
Spam bots do what they are programmed to do; nothing more. Not having the ability to adapt on the fly puts bots at a disadvantage when put against informed administrators such as yourself. The trick for dealing with bots is to stay one step ahead of their authors. Nearly all anti-spam MODs focus on changing the registration/posting form in order to prevent bots from being able to fill out the information properly.

Do bots fill in the form the same way humans do?
No, the majority of bots submit their responses directly, without loading the form that you set up. What this means in practical terms is that changing only the HTML form will not do anything; you need to actually change how the passed information is interpreted (that means editing the .php files). If you encounter MODs that only edit HTML, they are pointless.

Should I ban bots by IP or email TLD (.ru, .info, etc.)?
If your goal is to save time, this strategy will not help. IPs are often cycled and there are thousands of available proxies that can be found just by searching. By banning IPs, you will also end up banning legitimate users. As bots use a variety of TLDs for their email accounts (including .com, .org and .net), banning international ones like .ru may help slightly, but you will once again end up banning legitimate users (and won't ban nearly every bot). In short, you should focus on preventing as many bots as possible, while not causing legitimate users too much extra hassle.

What about human spammers?
Fighting human spammers is more difficult than fighting bots. While bots will blindly attempt to register and post on every board possible, human spammers will want to make sure that their spam is actually being seen. The trick to fighting human spammers, therefore, is to remove any incentive they would have of targeting your board.

Will following the provided guide stop all spam?
As I said above, human spammers are difficult to stop and some bots may be adapted to work on your site. Following the guide will, however, cause a significant decrease in the amount of spam starting from the very first day